Wifi AP With TOR Guest Network

Introduction: Wifi AP With TOR Guest Network

Having gotten fed up with commercial wireless router/AP offerings, I decided to see what I could accomplish with little more than an old Shuttle computer and a couple of wifi adapters. I also really believe in https://openwireless.org/ and wanted to help, but didn't want to open my network to potential DMCA or other legal notices. I managed to create a wireless AP that is fast, secure, and lets my neighbors get online in a pinch without letting any of their traffic directly touch my network or come from my IP.

Required:

A computer - This could be a single board computer like a Raspberry Pi or an old castoff that you have lying around. You really don't need a lot of power.

Step 1: Install Debian

Download and install Debian onto whatever box you want to use as the host for these wireless cards. The setup is rather easy and shouldn't require anything special. Note that the instructions are different for Raspbian or other single board computers.

Suggestions:

Go with Debian's stable branch for a business installation or testing for a residential installation. The testing branch has slightly newer versions of software packages but this can sometimes require troubleshooting during an upgrade.

Do not enter a password for the root user. This will cause sudo to be installed and the user created during setup to be granted sudo permissions. It will also disable root, which makes your AP a lot harder to brute force since someone would have to guess both the username and the password.

Use 2 partitions during your installation, one for / that uses all but 2GB and another for swap that uses the rest.

On your / partition, disable atime in the mount options for a faster read speed

During the software selection screen, only select SSH Server, laptop (for power savings), and standard system utilities

After the installation, install vim to make editing files faster

Step 2: Change Aptitude's Sources.list

I recommend changing /etc/apt/sources.list so that you will always stay with the stable/testing/unstable branch that you have chosen. At the time of writing this, wheezy is stable, jessie is testing, and sid is (as always) unstable. If you do this, you will also need to remove the lines that contain the release name followed by -backports, as backports do not have stable/testing/unstable repositories.

You will also need to enable contrib and non-free for most wireless adapters' drivers. This is as easy as adding them after main on each of the sources lines.

sudo su -

Changes to the root user which makes initial setup of the box easier

vim /etc/apt/sources.list

:%s/wheezy/stable/ or :%s/jessie/testing/

Uses vim's built-in sed-style substitute command to replace all instances of the release name with the generic release name. Note the colon, and choose the one that's pertinent to your release. The general form is:

:%s/replace this/with this/

:%s/main/main contrib non-free/

Add in the contrib and non-free repos

:wq

Save and quit

apt-get update

Refresh the package lists from the repos
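The same Step 2 edits as a repeatable command, as an added example that is not part of the original instructions: rewrite_sources is a hypothetical helper name, and the sample file and mirror URLs are constructed. Unlike the raw vim substitutions, it keeps a backup, only touches deb/deb-src lines, and can be run twice without adding contrib and non-free a second time.

```shell
#!/bin/sh
# Added example: the sources.list edits from this step as one command.
# rewrite_sources is a hypothetical helper, not a Debian tool.

# rewrite_sources RELEASE BRANCH FILE
#   RELEASE  codename currently in FILE (wheezy, jessie, ...)
#   BRANCH   generic name to follow (stable, testing or unstable)
# sed steps, in order: skip lines that are not deb/deb-src entries,
# drop RELEASE-backports entries, swap the codename for the branch,
# add contrib after main if missing, append non-free if missing.
rewrite_sources() {
    cp -p "$3" "$3.bak" || return 1      # keep the original to roll back to
    sed -e '/^deb/!b' \
        -e "/$1-backports/d" \
        -e "s/$1/$2/" \
        -e '/ contrib/!s/ main/ main contrib/' \
        -e '/ non-free/!s/$/ non-free/' \
        "$3.bak" > "$3"
}

# Constructed sample file; the mirror URLs are placeholders.
demo=$(mktemp)
cat > "$demo" <<'EOF'
deb http://ftp.debian.org/debian/ wheezy main
deb-src http://ftp.debian.org/debian/ wheezy main
deb http://security.debian.org/ wheezy/updates main contrib
deb http://ftp.debian.org/debian/ wheezy-backports main
EOF

rewrite_sources wheezy stable "$demo"
cat "$demo"
rm -f "$demo" "$demo.bak"
```

On the real system, run it as root against /etc/apt/sources.list and follow it with apt-get update.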

Step 3: Install and Configure SystemD

SysVinit is being deprecated and SystemD is coming in to replace it. I have found that it speeds up my boot dramatically.

sudo su -

If you're not still root, change to root

apt-get update

This forces apt to go grab a listing of all new packages from the repository and ensures you get the latest software

apt-get install systemd

Installs systemd package

vim /etc/default/grub

Edit the line

GRUB_CMDLINE_LINUX_DEFAULT="quiet"

to

GRUB_CMDLINE_LINUX_DEFAULT="quiet init=/bin/systemd"

update-grub

Regenerates the GRUB configuration so the new init= setting is used on the next boot

Step 4: Install Wireless Card Drivers

The cards I chose were based on the Ralink chipset and were quite easy to install. For other chipsets you will need to look up what package you need (hint: most of them are firmware-chipset).

sudo apt-get install firmware-ralink

Your first card plugged in should get wlan0 and your second card should get wlan1. If your cards are different and it matters which is which, connect your primary card first and your TOR guest card second so that primary gets wlan0 and the TOR guest gets wlan1.

Step 5: Configure Network Interfaces

You will need to configure the network interfaces so that wlan0 is in a direct bridge with the onboard ethernet card and wlan1 is assigned a static IP address.

sudo su -

# apt-get install bridge-utils

Download interfaces and place it in /etc/network/interfaces

Edit br0 to match your local network settings

Edit wlan1 so that it is not on your main network

# iptables-save > /etc/iptables.ipv4.nat

# ifdown eth0

Take down the old interface

# ifup br0

Bring up the bridge

# ifup wlan1

Bring up wlan1

Note: I had to rename the interfaces file to net.int due to Instructables giving a 403 error when the file was named interfaces. Be sure to rename net.int to interfaces when downloading the file.
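One way to check the "not on your main network" requirement before bringing the interfaces up, as an added example that is not the author's interfaces file: the function names, the sample stanzas and every address in them are constructed for illustration. It assumes static stanzas that use separate address and netmask lines.

```shell
#!/bin/sh
# Added example (not the author's interfaces file): confirm that the guest
# interface is not on the main network.

# iface_field FILE IFACE KEY: print KEY's value from the "iface IFACE" stanza
iface_field() {
    awk -v i="$2" -v k="$3" \
        '$1 == "iface" { cur = $2 } cur == i && $1 == k { print $2; exit }' "$1"
}

# ip2int A.B.C.D: print the address as a 32-bit integer
ip2int() {
    set -- $(echo "$1" | tr . ' ')
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# networks_overlap FILE IF1 IF2: 0 = overlap, 1 = separate, 2 = not static
networks_overlap() {
    a1=$(ip2int "$(iface_field "$1" "$2" address)") || return 2
    m1=$(ip2int "$(iface_field "$1" "$2" netmask)") || return 2
    a2=$(ip2int "$(iface_field "$1" "$3" address)") || return 2
    m2=$(ip2int "$(iface_field "$1" "$3" netmask)") || return 2
    m=$(( m1 & m2 ))          # the wider (shorter-prefix) of the two masks
    [ $(( a1 & m )) -eq $(( a2 & m )) ]
}

# Constructed sample; all addresses are placeholders, not from the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auto br0
iface br0 inet static
    address 192.168.1.2
    netmask 255.255.255.0
    bridge_ports eth0 wlan0

auto wlan1
iface wlan1 inet static
    address 192.168.42.1
    netmask 255.255.255.0
EOF

rc=0; networks_overlap "$sample" br0 wlan1 || rc=$?
case $rc in
    0) echo "FAIL: wlan1 shares a subnet with br0" ;;
    1) echo "OK: wlan1 is on a separate subnet" ;;
    *) echo "UNKNOWN: no static address/netmask found" ;;
esac
rm -f "$sample"
```

Point it at /etc/network/interfaces after editing br0 and wlan1; a result of 0 means guest clients would land in the same address range as the main network.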

4 Discussions

I have gotten the same thing, '403 forbidden' or access restricted. I believe that this is because our machines have already been compromised in some way. The way myself and a few friends are trying to get around this is by having friends try to download the same things, and so far there has been luck. I hope my comment does not fall on deaf ears, and I fully support the open network, as do the providers as long as they get to watch everything... I am not mentioning any names, Comcast or Xfinity for example. Watch livescifi and you will see how much trouble Tim has with his Comcast network. Nobody realizes how much their networks are compromised until all of a sudden 5,000 dollars is missing from their accounts. Thank you and all the others that support the open network policy and produce great tutorials!!!

Hey man! It is an excellent tutorial, but do you think you're able to upload the configuration files again (or copy them elsewhere)? The interfaces and torrc files do not work; it redirects me to this error: "403 Forbidden Request forbidden by administrative rules."

Thanks for catching that for me! I tried uploading the files again with the same names and they were still giving 403 errors. I renamed the files and reuploaded them and they worked fine. I can only assume that Instructables has hidden reserved names for files to protect against server attacks?